Instagram Gets Two-Factor Authentication

The new security feature will provide users with better account protection, allowing them to verify a phone number to receive authentication codes via SMS messages. As a result, account logins would no longer rely solely on email address and password, which potential attackers could guess, phish or sniff through various methods.

For many, Instagram has become the social network of choice, especially since it is easily accessible from mobile devices through dedicated applications. Facebook, the five-year old service’s parent company, along with various other services out there, have had two-factor authentication as an extra security measure for several years, yet Instagram is late to the party.

Being somewhat exposed to attacks, Instagram accounts have become the targets of choice for many hackers, especially over the past year, when many major accounts got hacked. Unauthorized access to an account can have dire consequences, as it often results in in deleted photos and videos, a lot of spam on the feed, attacks on friends, and loss of followers. For a company, a successful attack could result in embarrassing brand damage.

It’s also worth mentioning that Instagram’s response time to hacked account submissions hasn’t been one of the fastest in the world either. According to Wolf Millionaire, users sometimes had to wait for up to three weeks before getting a response from Instagram and regaining access to their accounts.

The good news is that things are about to change for Instagram users, since two-factor authentication is coming to them, as Wolf Millionaire reported over a week ago, when the feature was in its early testing stages and still very buggy. Instagram has confirmed the test roll-out, yet it hasn’t made an official announcement on the matter as of now.

Apparently, Instagram has yet to nail down all bugs the feature still has, and the current roll-out is only part of a test phase. However, as soon as it appears to be stable, two-factor authentication should become available to all users interested in improving their security posture.

Even with two-factor authentication enabled, users won’t be fully protected against hacking attempts. Last month, Symantec discovered a piece of Android malware that could fool even voice call-based two-factor authorization (2FA), while researcher Sean Cassidy revealed a flaw in LastPass that could allow attackers steal email addresses, passwords, and even two-factor authentication codes.